| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 29 Sep 2017 13:51:05 +0300
From: Volodymyr Babchuk <volodymyr_babchuk@...m.com>
To: Mark Rutland <mark.rutland@....com>
Cc: linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
tee-dev@...ts.linaro.org,
Jens Wiklander <jens.wiklander@...aro.org>,
Volodymyr Babchuk <vlad.babchuk@...il.com>
Subject: Re: [PATCH v1 00/14] tee: optee: add dynamic shared memory support
Hello Mark,
On 29.09.17 13:31, Mark Rutland wrote:
> Hi,
>
> On Thu, Sep 28, 2017 at 09:03:57PM +0300, Volodymyr Babchuk wrote:
>> From: Volodymyr Babchuk <vlad.babchuk@...il.com>
>>
>> This patch series enables dynamic shared memory support in the TEE
>> subsystem as a whole and in OP-TEE in particular.
>>
>> Global Platform TEE specification [1] allows client applications
>> to register part of own memory as a shared buffer between
>> application and TEE. This allows fast zero-copy communication between
>> TEE and REE. But current implementation of TEE in Linux does not support
>> this feature.
>>
>> Also, current implementation of OP-TEE transport uses fixed size
>> pre-shared buffer for all communications with OP-TEE OS. This is okay
>> in the most use cases. But this prevents use of OP-TEE in virtualized
>> environments, because:
>> a) We can't share the same buffer between different virtual machines
>> b) Physically contiguous memory as seen by VM can be non-contiguous
>> in reality (and as seen by OP-TEE OS) due to second stage of
>> MMU translation.
>> c) Size of this pre-shared buffer is limited.
>
> I'm afraid that I don't follow the arguments for virtualized OP-TEE
> usage.
Yes, this is short summary. This is patches for Linux kernel, so I
thought it is okay to mention only linux part.
> In a virtualised environment, TEE access *must* be mediated via the
> hypervisor, which can virtualise the interface, pin pages, etc.
Absolutely right. I had many discussions with XEN community on this
topic there: [2]
Also I had discussions with OP-TEE guys there: [3]
> Could you elaborate on how you expect TEE access to work in a
> virtualised environment?
Hypervisor will trap all SMCs. SMCs that belong to TEE OS and TEE apps
will be handled by corresponding TEE mediator in a hypervsior.
TEE mediator will:
1) check if this guest/domain have right to work with TEE at all.
2) Mangle pointers in command buffer (translate IPA to PA)
3) Add VMID to request
3) Forward mangled request to TEE
4) Mangle pointers in response buffer (if any)
5) Return response back to guest.
Besides this, TEE mediator will inform TEE about guest creation and
destruction, so TEE can track opened sessions, shared buffers and such.
[2] http://xen.markmail.org/thread/6pwpa2j6sbqkxgge
[3] https://github.com/OP-TEE/optee_os/issues/1019
Powered by blists - more mailing lists